<?php
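	// Forum controller. Exactly one action runs per request, chosen by the first
	// non-empty request parameter in this order: delete, edit, edited, reply,
	// newthread, thread, topic. With none of them set, the topic index is listed.
	// All output is appended to $SITE_MIDDLE. $id, $lang and $SITE_MIDDLE are
	// expected from the including script; $id is compared against the `user`
	// column, so it is presumably the logged-in user's id -- TODO confirm it can
	// never be empty when a write action is reached.
	//
	// NOTE(review): every query interpolates escapestr() output into a quoted SQL
	// literal. escapestr() is defined elsewhere; string escaping only constrains a
	// value that stays inside quotes. ext/mysql (mysql_*) was removed in PHP 7.0,
	// and prepared statements via mysqli or PDO are the durable fix.
	// NOTE(review): delete is reachable through a plain GET link and no anti-CSRF
	// token is checked in this block -- confirm the including script does it.
	// NOTE(review): names and post bodies read back from the database are echoed
	// without HTML encoding here; that is only safe if text2html(), bb2html() and
	// SecurityCheck() guarantee it -- verify against those helpers.
	if (!empty($_REQUEST['delete'])) {
		// Delete one post. Only its author may do so.
		$post_id = escapestr($_REQUEST['delete']);
		$parent = escapestr($_REQUEST['parent']);
		// The thread id is echoed into a link below; encode it for the URL context
		// separately from the SQL escaping.
		$parent_url = urlencode($parent);
		$query = "Select user from `forum_posts` where `id`='$post_id'";
		$result = mysql_query($query);
		if ($result) {
			// A missing row is handled like a post owned by someone else, so an
			// empty $id can never compare equal to "no row".
			$userid = mysql_num_rows($result) ? mysql_result($result,0) : false;
			if ($userid !== false && $userid == $id) {
				$query = "delete from `forum_posts` where `id`='$post_id'";
				$result = mysql_query($query);
				if ($result) {
					$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_deleted"),GetLangString($lang, "msg_postdeleted").
						"<br><a href='/index.php?do=forum&thread=$parent_url'>" .
						GetLangString($lang, 'msg_forumpostedbacklink'));
				} else {
					$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_error"),GetLangString($lang, "msg_dberror"));
				}
			} else {
				$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_error"),GetLangString($lang, "msg_notyourpost"));
			}
		} else {
			// The ownership lookup itself failed; report it instead of staying silent.
			$SITE_MIDDLE .= FormatElement(GetLangString($lang, "txt_error"),GetLangString($lang, "msg_dberror"));
		}

	} else
	if (!empty($_REQUEST['edit'])) {
		// Show the edit form for one of the caller's own posts.
		$post_id = escapestr($_REQUEST['edit']);
		$query = "select * from `forum_posts` where `id`='$post_id' and `user`='$id'";
		$result = mysql_query($query);
		if ($result) {
			$post = mysql_fetch_array($result);
			if ($post) {
				// The post id came from the request and is echoed into an attribute.
				$post_id_attr = htmlspecialchars($post_id, ENT_QUOTES);
				// NOTE(review): $post['text'] is placed inside <textarea> as stored.
				// Whether that is safe depends on what text2html() wrote -- confirm.
				$edit    = "<form action=\"/index.php?do=forum\" method=\"post\">
											 	<input type=\"hidden\" name=\"post\" value=\"$post_id_attr\">
												<input type=\"hidden\" name=\"thread\" value='".$post['parent']."'>".
												FormatSmallElement(GetLangString($lang,"txt_forumpostedit"),"
												<textarea  name=\"text\" rows=\"15\">".
												$post['text']."</textarea>") .
												"<input type=\"submit\" value=\"".GetLangString($lang,"txt_postinforum")."\" name=\"edited\">";

				$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_forumedit"),$edit);
			} else {
				// No row matched: the post does not exist or belongs to someone else.
				$SITE_MIDDLE .= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_notyourpost'));
			}
		} else {
			$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_dberror'));
		}

	} else
	if (!empty($_REQUEST['edited'])) {
		// Store an edited post. The post id arrives in the request, so ownership is
		// checked here the same way the delete action does; showing the edit form
		// only for own posts does not protect the write itself.
		$post_id = escapestr($_REQUEST['post']);
		$newtext = escapestr($_REQUEST['text']);
		$parent  = escapestr($_REQUEST['thread']);
		$parent_url = urlencode($parent);
		// NOTE(review): unlike reply and newthread, the edited text is stored
		// without text2html() or SecurityCheck() -- confirm that is intended.
		$query = "Select user from `forum_posts` where `id`='$post_id'";
		$result = mysql_query($query);
		if ($result) {
			$userid = mysql_num_rows($result) ? mysql_result($result,0) : false;
			if ($userid !== false && $userid == $id) {
				$time = time();
				// The owner is repeated in the WHERE clause so the write cannot touch
				// another user's row even if the check above is changed later.
				$query = "update `forum_posts` set `text`='$newtext', `edited`='$time' where `id`='$post_id' and `user`='$id'";
				$result = mysql_query($query);
				if ($result) {
					$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_forum'),GetLangString($lang,'msg_forumpostupdated').
						"<br><a href='/index.php?do=forum&thread=$parent_url'>" .
						GetLangString($lang, 'msg_forumpostedbacklink'));
				} else {
					$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_dberror'));
				}
			} else {
				$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_notyourpost'));
			}
		} else {
			$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_dberror'));
		}

	} else
	// forum reply
	if (!empty($_REQUEST['reply'])) {
		// The reply form built by the thread view sends no "name" field, so fall
		// back to an empty string instead of reading a missing key.
		$new_name  = escapestr(isset($_REQUEST['name']) ? $_REQUEST['name'] : '');
		$new_text  = text2html(escapestr($_REQUEST['text']));
		$parent = escapestr($_REQUEST['parent']);
		$parent_url = urlencode($parent);

		// SecurityCheck() is defined elsewhere; a truthy result is treated as bad data.
		if (!(SecurityCheck($new_name.$new_text))) {
			$time = time();
			// parent is quoted like every other value: escaping does not constrain
			// a value that is interpolated outside a quoted literal.
			$query = "insert into `forum_posts` (parent,text,user,time) values ('$parent', '$new_text','$id','$time')" ;
			$result = mysql_query($query);
			if ($result){
				$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_forumposted'),
					GetLangString($lang,'msg_forumposted') .
					"<br><a href='/index.php?do=forum&thread=$parent_url'>" .
					GetLangString($lang, 'msg_forumpostedbacklink'));
			} else {
				$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_dberror'));
			}
		} else {
			$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_baddata'));
		}
	} else
	// forum new thread
	if (!empty($_REQUEST['newthread'])) {
		$new_name  = escapestr($_REQUEST['name']);
		$new_text  = text2html(escapestr($_REQUEST['text']));
		$new_parent = escapestr($_REQUEST['parent']);
		if (!(SecurityCheck($new_name.$new_text))) {
			$query = "insert into `forum_threads` (parent,name) values ('$new_parent', '$new_name')" ;
			$result = mysql_query($query);
			// mysql_insert_id() yields 0 when the insert above produced no id, which
			// is what the check below relies on.
			$parent = mysql_insert_id();

			if ($parent) {
				$time = time();
				$query = "insert into `forum_posts` (parent,text,user,time) values ('$parent', '$new_text','$id','$time')" ;
				$result = mysql_query($query);
				if ($result){
					$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_forumposted'),
						GetLangString($lang,'msg_forumposted') .
						"<br><a href='/index.php?do=forum&thread=$parent'>" .
						GetLangString($lang, 'msg_forumpostedbacklink'));
				} else {
					$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_dberror'));
				}
			} else {
				$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_dberror'));
			}
		} else {
			$SITE_MIDDLE.= FormatElement(GetLangString($lang,'txt_error'),GetLangString($lang,'msg_baddata'));
		}
	} else
	// forum view thread
	if (!empty($_REQUEST['thread'])) {
		$thread_id = escapestr($_REQUEST['thread']);
		// The thread id is echoed into links and a hidden field below; encode it
		// for each of those contexts separately from the SQL escaping.
		$thread_id_url = urlencode($thread_id);
		$thread_id_attr = htmlspecialchars($thread_id, ENT_QUOTES);
		$query = "Select * from `forum_posts` where `parent`='$thread_id'";
		$result = mysql_query($query);
		if ($result) {

			// Thread row, used only for the breadcrumb; $threads is reused below as
			// the accumulated table markup.
			$query2="select * from `forum_threads` where `id`='$thread_id'";
			$result2=mysql_query($query2);
			$threads = mysql_fetch_array($result2);

			$forumlayout = "<a href='index.php?do=forum'>".GetLangString($lang,"txt_forum")."</a> - ".
			"<a href='index.php?do=forum&topic=".$threads['parent']."'>".
			GetLangString($lang,"forum_title".$threads['parent'])."</a> - 
			<a href='index.php?do=forum&thread=$thread_id_url'>".$threads['name']."</a>";
			$threads = '';

			while ($thread = mysql_fetch_array($result)) {
				// Reset per post so a post by an unknown user cannot inherit the
				// previous row's delete/edit links.
				$delete = '';
				$time = date("d-m-Y H:i:s",$thread['time']);
				$profile_id = $thread['user'];
				$text = bb2html($thread['text']);
				$query2 = "SELECT * from users where id='" . $profile_id ."'";
				$result2 = mysql_query($query2);
				if (mysql_num_rows($result2)){
					$profile_info = mysql_fetch_array($result2);
					$from = "<a href=\"index.php?do=profile&profile_id=".$profile_info['id']."\">".$profile_info['name']."</a><br>";
					$from .= GetStatusImg($profile_info['status']);
					$from .= "<br><img src=\"index.php?do=getphoto&square=1&size=75&id=".$profile_info['photo']."\" title=\"".$profile_info['name']."\">";

					if ( $profile_id == $id ) {
						// Own post: offer delete and edit. The server re-checks ownership
						// in both actions; these links are only a convenience.
						$delete = "<a href='index.php?do=forum&delete=".$thread['id']."&parent=$thread_id_url'>".GetLangString ($lang, "txt_delete") . "</a>  -  ";
						$delete .= "<a href='index.php?do=forum&edit=".$thread['id']."&parent=$thread_id_url'>".GetLangString ($lang, "txt_edit") . "</a>";
					} else {
						// Someone else's post: offer a private message link (the anchor
						// is now closed).
						$delete = "<a href='index.php?do=sendpm&to=".$profile_info['id']."'>". GetLangString($lang,"txt_sendpm") . "</a>";
					}
				} else {
					$from = GetLangString($lang,'txt_unknown');
				}
				$threads .= "<tr>
									<td align=\"center\" width=\"125\" valign=\"top\">
									$from<br>$time<br>$delete
									</td>	<td valign=\"top\">$text</td></tr>";
			}
			$threads = "<table border=\"1\" width=\"100%\">$threads</table>";

			// $title is not used in this block; it is kept because this script runs
			// in the including script's scope and the name may be read there.
			$query  = "Select `name` from `forum_threads` where `id`='$thread_id'";
			$result = mysql_query($query);
			$title  = mysql_result($result,0);
			$SITE_MIDDLE .= FormatElement($forumlayout, $threads);

			$reply    = "	<form action=\"/index.php?do=forum\" method=\"post\">
											 	<input type=\"hidden\" name=\"parent\" value=\"$thread_id_attr\">".
												FormatSmallElement(GetLangString($lang,"txt_forumpost"),"
												<textarea  name=\"text\" rows=\"15\"></textarea>") . "
												<input type=\"submit\" value=\"".GetLangString($lang,"txt_postinforum")."\" name=\"reply\">";

			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_forumreply"),$reply);

		}

	} else
	// forum view topic
	if (!empty($_REQUEST['topic'])) {
		$topic_id = escapestr($_REQUEST['topic']);
		// Same treatment as the thread id: encode per output context.
		$topic_id_url = urlencode($topic_id);
		$topic_id_attr = htmlspecialchars($topic_id, ENT_QUOTES);
		$query = "Select * from `forum_threads` where `parent`='$topic_id' order by `sticky` desc, `id` desc";
		$result = mysql_query($query);

		$forumlayout = "<a href='index.php?do=forum'>".GetLangString($lang,"txt_forum")."</a> - ".
			"<a href='index.php?do=forum&topic=$topic_id_url'>".
			GetLangString($lang,"forum_title".$topic_id)."</a>";

		$threads = '';

		if ($result) {
			while ($thread = mysql_fetch_array($result)) {
				// Reset so a thread without posts cannot show the previous row's
				// first-post data.
				$firsttime = '';
				$firstposter = '';
				$firstposterid = '';

				// Most recent post in the thread. Array keys are quoted: a bare id is
				// an undefined constant and an Error on PHP 8.
				$query2="select * from `forum_posts` where `parent`='".$thread['id']."' order by `time` desc limit 1";
				$result2=mysql_query($query2);
				if (mysql_num_rows($result2)) {
					$lastpost = mysql_fetch_array($result2);
					$time = date("d-m-Y H:i:s",$lastpost['time']);
					$query3 = "select * from `users` where `id` = '".$lastpost['user']."'";
					$result3 = mysql_query($query3);
					$userinfo = mysql_fetch_array($result3);
					$poster = $userinfo['name'];
					$posterid = $userinfo['id'];
				}

				// Oldest post in the thread, shown as the thread starter.
				$query3="select * from `forum_posts` where `parent`='".$thread['id']."' order by `time` asc limit 1";
				$result3=mysql_query($query3);
				if (mysql_num_rows($result3)) {
					$firstpost = mysql_fetch_array($result3);
					$firsttime = date("d-m-Y H:i:s",$firstpost['time']);
					$query3 = "select * from `users` where `id` = '".$firstpost['user']."'";
					$result3 = mysql_query($query3);
					$userinfo = mysql_fetch_array($result3);
					$firstposter = $userinfo['name'];
					$firstposterid = $userinfo['id'];
				}

				$query4="select count(`id`) from `forum_posts` where `parent`='".$thread['id']."'";
				$result4=mysql_query($query4);
				$postcount = mysql_result($result4,0);

				$threads .= "<div class=\"forumelement\">
				<table width='100%'><tr><td width='50%'>
				<div class=\"forumtitle\"><a href=\"/index.php?do=forum&thread=".$thread['id']."\">".
					$thread['name']
				."</a></div><div class=\"forumsubtitle\">
				 $firsttime by <a href='index.php?do=profile&profile_id=$firstposterid'>$firstposter</a>
				</td><td width='25%'>";
				if (mysql_num_rows($result2)) {
					$threads.=GetLangString($lang,"txt_formlastpost");
					$threads.=" $time<br> by <a href='index.php?do=profile&profile_id=$posterid'>$poster</a> ".GetLangString($lang,"txt_postcount")." $postcount ";
				} else {
					$threads.=GetLangString($lang,"txt_formnoposts");
				}
				$threads.="</td></tr>"
				."</a></div></table></div>";
			}
			$SITE_MIDDLE .= FormatElement($forumlayout, $threads);

			$newthread    = "	<form action=\"/index.php?do=forum\" method=\"post\">
											 	<input type=\"hidden\" name=\"parent\" value=\"$topic_id_attr\">".
												FormatSmallElement(GetLangString($lang,"txt_threadname"),"
												<input type=\"text\"   name=\"name\">").
												FormatSmallElement(GetLangString($lang,"txt_forumpost"),"
												<textarea  name=\"text\" rows=\"15\"></textarea>") . "
												<input type=\"submit\" value=\"".GetLangString($lang,"txt_postinforum")."\" name=\"newthread\">";

			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_startnewthread"),$newthread);

		}

	} else {
		// forum list all topics
		$query = "Select * from `forum_topics` order by `sort` desc";
		$result = mysql_query($query);
		if ($result) {
			$topics = '';
			while ($topic = mysql_fetch_array($result)) {
				// Latest post anywhere in the topic. With select * over the join, columns
				// that share a name (id, parent) resolve to the later table in the
				// associative array, so 'id' and 'name' below are the thread's.
				$query2="select * from forum_posts join forum_threads on forum_posts.parent=forum_threads.id where forum_threads.parent='".$topic['id']."' order by forum_posts.time desc limit 1";
				$result2= mysql_query($query2);
				if (mysql_num_rows($result2)) {
					$lastpost = mysql_fetch_array($result2);
					$time = date("d-m-Y H:i:s",$lastpost['time']);
					$query3 = "select * from `users` where `id` = '".$lastpost['user']."'";
					$result3 = mysql_query($query3);
					$userinfo = mysql_fetch_array($result3);
					$poster = $userinfo['name'];
					$posterid = $userinfo['id'];
					$thread = $lastpost['name'];
					$threadid = $lastpost['id'];
				}
				$topics .= "<div class=\"forumelement\">
				<table width='100%'><tr><td width='50%'>
				<div class=\"forumtitle\"><a href=\"/index.php?do=forum&topic=".$topic['id']."\">".
				GetLangString($lang,"forum_title".$topic['id'])
				."</div><div class=\"forumsubtitle\">".
				GetLangString($lang,"forum_subtitle".$topic['id'])
				."</td><td width='25%'>";
				if (mysql_num_rows($result2)) {
					$topics.=GetLangString($lang,"txt_formlastpost");
					$topics.=" $time<br> ".GetLangString($lang,"txt_by"). " <a href='index.php?do=profile&profile_id=$posterid'>$poster</a> 
					".GetLangString($lang,"txt_in")." <a href='index.php?do=forum&thread=$threadid'>$thread</a>";
				} else {
					$topics.=GetLangString($lang,"txt_formnoposts");
				}
				$topics.="</td></tr>"
				."</a></div></table></div>";
			}
			$SITE_MIDDLE .= FormatElement(GetLangString($lang,"txt_forumtopics"),$topics);
		}

	}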

?>
